Today, a wide array of ‘Security Innovation’ is happening. There has never been a time with more security innovation, or more security spend, as companies and corporations face greater chances of being cyber attacked. There is a new world we must secure - devices, apps (traditional and cloud native) and the cloud (managed, private and public). Today, the typical application is connected to seven different cloud services. With the number of devices increasing substantially, security is often the least considered aspect, because these devices were never designed with security in mind. We build interconnected sets of services, and only then ask someone to secure them. Security is always an afterthought.
Is the Missing Link the Lack of Security Architecture?
Keeping business data and digital assets safe and secure is getting harder as more and more potential weak spots are identified. Hacking methods are getting more sophisticated. Whole industries are springing up around data theft and sabotage. IT security may build a bigger fortress around the data and networks, and limit access wherever it can to make a breach unlikely, but a determined cybercriminal can work around it. Instead of locking the door and hoping for the best, Adaptive Security Architecture focuses on monitoring for threats and attacks and dealing with them head-on, as a continuous feedback loop of intelligence-gathering, learning and improving that adapts to security threats as they evolve.
Benefits of Adaptive Security Architecture
Companies have always relied on prevention and policy-based controls for security, deploying products such as anti-virus software, IDS/IPS and firewalls. Today, we are flooded by advanced and targeted attacks. However, the security architect can advise a shift in the security mindset from ‘incident response’ to ‘continuous response’, by assuming that systems are compromised and require continuous monitoring and remediation.
Adaptive Security Architecture has the potential to provide organisations and businesses with the following benefits.
Real-time Monitoring and Responses: Teams are enabled to move from after-the-fact log analysis to real-time evaluation of users. This makes a dynamic, immediate and potentially autonomous response possible.
Filtering and Prioritisation: By applying advanced analytics and machine learning, organisations can identify some ongoing security breaches that they cannot detect by monitoring the system alone.
Reduce Threat Amplification: Restrict the potential spread of a pandemic in a monoculture.
Shrink the Attack Surface: Make the target of an attack smaller.
Decrease the Attack Velocity: Slow the rate of attack.
Reduce Remediation Time: Respond to attacks quickly.
Gartner says, "…the end goal should be that the different capabilities integrate and share information to build a security protection system that is more adaptive and intelligent overall".
The Four Elements of Adaptive Security
The complexities of digital business and the algorithmic economy, combined with an emerging ‘hacker industry’, significantly increase the threat surface for an organisation.
According to Deloitte, the average cost of a data breach to a single Australian business is more than $2.5 million per year. On top of that, the average breach involves more than 20,000 files or information records. And from what we have seen of late, infiltration has become much more sophisticated. There are four elements of Adaptive Security Architecture which together can establish a comprehensive adaptive platform that protects against attackers.
Preventive – The preventive policies, products, and processes that are put in place to counter attacks raise the bar for attackers by reducing surface area for attacks before these can affect the entire enterprise.
Detective – These detective capabilities are designed to discover attacks that evade the ‘preventive’ capabilities. The goal is to reduce the time for threat detection and therefore prevent potential damages from becoming actual damages.
Retrospective – The retrospective capabilities are required to drill down and remediate issues discovered by detective activities and to provide forensic insights and root-cause analysis. Retrospective proficiencies can be used to recommend new preventive measures to avoid future incidents.
Predictive – Predictive capabilities enable the security team to learn about and record external events, via external monitoring of hacker activities, to proactively anticipate new attack types against current systems. This intelligence layer is used as feedback into the preventive and detective capabilities, closing the loop on the entire set of Adaptive Security Architecture elements.
The Trend, Adaptive Security – Now and Beyond
The evolution of the intelligent digital mesh, digital technology platforms and application architectures means that security has to become adaptive. Security in the IoT environment is challenging. Security teams need to work with application, solution and enterprise architects to consider security early in the design of applications or IoT solutions. Multi-layered security and user behaviour analytics will become a requirement for virtually every corporation and business. This will help build Adaptive Security Architecture. It is also a market that is estimated to reach US $7.07 billion by 2021. Advanced cyber-attacks will never go away, and it is the need to defend against these attacks which will drive the market.